<?php
/*
+--------------------------------------------------------------------------
|   AffiliStore 2
|   ========================================
|   Web: http://www.affilistore.com
|   Email: admin (at) affilistore (dot) com
|	License Type: AffiliStore 2 is NOT open source software and limitations apply 
|   Licence Info: Visit AffiliStore website and click on 'Licence'
+--------------------------------------------------------------------------
*/
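// Refuse direct requests for this include: it is meant to be pulled in by a
// page script, never served on its own. The removed eregi()/$HTTP_SERVER_VARS
// pair is replaced by preg_match() on $_SERVER (the unescaped "." in the old
// pattern matched any character; the literal ".inc.php" is what was intended),
// and a real 403 status is sent instead of a 200 carrying "Forbidden" text.
// NOTE(review): PHP_SELF comes from the request; a constant defined by the
// including page would be a stronger guard -- confirm how this file is included.
$requestedScript = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '';
if (preg_match('/\.inc\.php/i', $requestedScript)) {
	header('HTTP/1.0 403 Forbidden');
	echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
	exit;
}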


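$box_content = new XTemplate ("skins/".$configSkin['value']."/styleTemplates/addcomments.tpl");

// Comment box: on POST, validate and store a visitor comment and notify the
// admin; otherwise render the form. The GET query says what the comment is
// attached to -- a product (pid + proddb), a news item (news) or a store
// (merchant) -- and the POST carries the form fields plus the CAPTCHA answer.
// On exit $box_content holds the rendered HTML string for the page.
session_start();

// The only section names the form (else branch) ever emits. The submitted
// value is checked against this list before it is stored or placed in the
// notification mail subject, so a crafted c_section can neither inject mail
// headers (CR/LF) nor mislabel a comment.
$allowedSections = array('products', 'stores', 'news');

if (isset($_POST['c_name'])) {
	$resultMessage = '<p style="color:red"><strong>Fields were empty or the security code was not correct, please try again.</strong></p>';
	$submissionOk  = true;

	// CAPTCHA: a code must be in the session, the answer must be a plain string,
	// and the two must match under strict comparison. The old "!=" compared
	// loosely (e.g. "0e1" == "0e9" is true) and would also accept an array.
	$sessionCode = isset($_SESSION['security_code']) ? (string) $_SESSION['security_code'] : '';
	$postedCode  = (isset($_POST['security_code']) && is_string($_POST['security_code'])) ? $_POST['security_code'] : '';
	if ($sessionCode === '' || $postedCode !== $sessionCode) {
		$submissionOk = false;
	}

	// Required text fields (empty() also rejects the string "0", as before).
	if (empty($_POST['c_name']) || empty($_POST['c_comment'])) {
		$submissionOk = false;
	}

	// Section must be one of the values the form emits.
	$section = isset($_POST['c_section']) ? $_POST['c_section'] : '';
	if (!in_array($section, $allowedSections, true)) {
		$submissionOk = false;
	}

	// Rating: the form offers 0..5; anything else (missing, non-scalar, out of
	// range) is stored as 0 instead of being written to the table as sent.
	$prodrating = 0;
	if (isset($_POST['c_rating']) && is_scalar($_POST['c_rating'])) {
		$prodrating = (int) $_POST['c_rating'];
		if ($prodrating < 0 || $prodrating > 5) {
			$prodrating = 0;
		}
	}

	// Resolve what the comment is attached to. Products are looked up by the
	// configured id column (navOpt[12] == 1 selects merchant ids over db ids)
	// and the product name is stored; news items and merchants are referenced
	// by the name given in the query string. The name is stored as-is, so it
	// must be escaped wherever comments are rendered.
	$attachName = null;
	if (isset($_GET['pid'])) {
		$idColumn = ($navOpt[12] == 1) ? 'merchantProdID' : 'dbProdID';
		$prodDb   = isset($_GET['proddb']) ? $_GET['proddb'] : '';
		$getAttachedID = mysql_query(sprintf("SELECT * FROM affiliSt_products1 WHERE prodDB = %s AND ".$idColumn." = %s",
					quote_smart($prodDb),
					quote_smart($_GET['pid'])));
		$theAttachedID = $getAttachedID ? mysql_fetch_assoc($getAttachedID) : false;
		if ($theAttachedID) {
			$attachName = $theAttachedID['prodName'];
		}
	} else if (isset($_GET['news'])) {
		$attachName = is_string($_GET['news']) ? $_GET['news'] : null;
		$prodrating = 0; // news items are not rated
	} else if (isset($_GET['merchant'])) {
		$attachName = is_string($_GET['merchant']) ? $_GET['merchant'] : null;
	}
	if ($attachName === null) {
		// No (or unknown) target: previously this raised undefined-variable
		// notices and stored a row with an empty attachedID.
		$submissionOk = false;
	}

	if ($submissionOk) {
		// Accepting the submission consumes the CAPTCHA so the same code cannot
		// be replayed for further posts in this session. (Assumes the CAPTCHA
		// image script sets a fresh code on each request -- confirm.)
		unset($_SESSION['security_code']);

		// Stored as a midnight timestamp (day granularity).
		$timeNow = mktime(0, 0, 0, date("m"), date("d"), date("Y"));

		$sql = sprintf("INSERT INTO affiliSt_comments (name, email, link, comments, date, attachedID, section, rating) values (%s, %s, %s, %s, %s, %s, %s, %s)",
				   quote_smart($_POST['c_name']),
				   quote_smart(isset($_POST['c_email']) ? $_POST['c_email'] : ''),
				   quote_smart(isset($_POST['c_websiteURL']) ? $_POST['c_websiteURL'] : ''),
				   quote_smart(strip_tags($_POST['c_comment'])),
				   quote_smart($timeNow),
				   quote_smart($attachName),
				   quote_smart($section),
				   quote_smart($prodrating));

		if (!mysql_query($sql, $databaseConnect)) {
			// Log the driver error server-side; the visitor gets a generic message
			// (the old die(mysql_error()) sent schema/driver details to the browser).
			error_log('addcomments: insert failed: ' . mysql_error($databaseConnect));
			$resultMessage = '<p style="color:red"><strong>Sorry, your comment could not be saved, please try again later.</strong></p>';
		} else {
			// Notify the admin; address and signature come from the config table.
			$getMyEmail  = mysql_query("SELECT * FROM affiliSt_config WHERE name = 'adEmail'");
			$myEmail     = mysql_fetch_assoc($getMyEmail);
			$getEmailSig = mysql_query("SELECT * FROM affiliSt_config WHERE name = 'emailSig'");
			$emailSig    = mysql_fetch_assoc($getEmailSig);

			// $section is whitelisted above, so it is safe in the subject line.
			$myemailaddress = $myEmail['value'];
			$subject   = "New comment in ".$section."";
			$messageb  = "Dear Admin\n\nYou have received a new comment in ".$section."\n\n".$emailSig['value']."\n\n";
			$runtime   = (date("d M Y H:i"));
			$messageb .= "Time of the message: $runtime (server time zone)\n\n";
			mail($myemailaddress, $subject, $messageb, "From: $myemailaddress");

			$resultMessage = '<p style="color:green"><strong>Thanks for your comments, they will be reviewed shortly.</strong></p>';
		}
	}

	$box_content->assign("DATA", $resultMessage);
	$box_content->parse("addcommentsresult");
	$box_content = $box_content->text("addcommentsresult");
} else {
	// Render the form. SECTION is the hidden value the POST branch validates
	// against; the rating radios are only offered for products and stores.
	if (isset($_GET['pid']) || isset($_GET['merchant'])) {
		$box_content->assign("SECTION", isset($_GET['pid']) ? 'products' : 'stores');
		$box_content->assign("PRODRATING", '
<tr>
<td>
<label for="cRating">*Rating:</label>
</td>
<td>
<input name="c_rating" type="radio" id="cRating" value="0" checked="checked" /> 0
<input name="c_rating" type="radio" value="1" /> 1
<input name="c_rating" type="radio" value="2" /> 2
<input name="c_rating" type="radio" value="3" /> 3
<input name="c_rating" type="radio" value="4" /> 4
<input name="c_rating" type="radio" value="5" /> 5
</td>
</tr>
	');
	} else if (isset($_GET['news'])) {
		$box_content->assign("SECTION", 'news');
		$box_content->assign("PRODRATING", '');
	}
	$box_content->assign("INSTALLDIR", $installDir['value']);
	$box_content->parse("addcomments");
	$box_content = $box_content->text("addcomments");
}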
?>